Product Resources Contact Us Plans
Sign In Talk to a B2B SaaS Expert

Product Capabilities

Offer Management

Deliver the right offer, to the right customer, at the right time.

Recurring Billing

Flexible, automated billing logic that scales with your growth.

Revenue Retention

Reduce customer churn caused by failed or delinquent payments.

Revenue Recognition

Automated revenue recognition to simplify ASC 606 & IFRS 15 compliance.

Payments

Choose from 20+ popular payment gateway options.

Subscription Management

Track and manage subscriptions to build stronger relationships.

Analytics & Insights

Understand the health of your subscription business.

Security & Reliability

Enterprise-grade security to protect your business and customers.

Product Experience

The Customer Experience

Experience what Chargify looks like through the eyes of your customers.

Getting Started

Learn how to get up and running in days, not weeks or months.

Integration Marketplace

Connect Chargify with dozens of third-party applications.

Referral Partner Marketplace

See what technologies and services our trusted partners offer to grow and scale your business

Resources

Developer Documentation

Documentation for those with programming/developer skills.

Product Documentation

Ensure success with our well documented knowledge-base.

Video Tutorials

Get started with Chargify using our helpful selection of video tutorials.

API Documentation

Interact with our system from your own applications.

Video Webinars

On-demand webinars to help you scale your SaaS business.

Partner Program

Learn more about our Channel and Integration Partner programs.

More

Product Updates

Get the latest on Chargify's newest products and features.

Status Page

See how Chargify is running. We'll keep you updated of any issues.

Customers

Blog

Contact Us

Talk to a B2B SaaS Expert

Submit a request to be contacted by a billing expert.

Schedule Demo

Learn how to grow your business by scheduling a one-on-one customized demonstration.

Secure and Reliable Billing Software

A winning combination of enterprise-grade security to protect your customers and proven reliability to keep your recurring billing running smoothly.

PCI DSS Level 1 Compliant

Chargify is annually audited to maintain the highest level of PCI compliance for a service handling sensitive payment data. With billing information flowing through Chargify, you can comply with industry-standard security practices without the time and resources required to maintain such standings. Our number one goal is to protect you and your customers.

Download Chargify’s compliance validation

SOC 1 Type I Report

Service Organization Controls (SOC) exist to validate a company’s controls and ensure industry standards are followed. Our SOC 1 report was prepared in accordance with the Statement on Standards for Attestation Engagements No. 16 (a.k.a SSAE 16) and documents operational policies and procedures for Chargify’s system of internal controls.

Two-Factor Authentication

As a security best practice, we require secure passwords for all Chargify users. As an additional layer of protection, we provide the ability to enable two-factor authentication. When enabled, internal team members must enter an authentication token from their mobile device prior to gaining access to the Chargify interface.

Fine-Grained User Access Controls

Your teams play important roles in running your subscription business, but not every team member needs full access to Chargify’s interface. Customer support needs to access and manage subscription information, finance needs to view and export financial metrics, etc. Our access controls allow you define what users can see and do within your Chargify account.

Reliability You Can Count On

Data Redundancy

Our software runs in three datacenters across the US. On a daily basis, we export the database and store it in an offsite facility for extra redundancy.

24/7 Monitoring

Extensive performance and availability monitoring allows us to keep a close eye on system health and mitigate unforeseen issues early on.

99.99% Uptime

Uptime is as mission critical to us as it is to your business. Our trailing three-year uptime record is 99.99%, and we’re fanatical about maintaining that record.View our uptime report.

Hacker Tested

We regularly submit ourselves to hacking by the best "good-guy" hackers in the business. This practice ensures we remain the most reliable, secure system in the industry.

PGP Key

We provide a PGP key to encrypt sensitive communication that you send to us.

-----BEGIN PGP PUBLIC KEY BLOCK----- mQINBF3xJ1EBEACjrg+DxoQ1Hd0Q9W3b+nslY4rqfQNJHk/f+v3pDXorqzrivDQA hYs43x/tLVywnURNEfIzD/dvZ3KLgESUhsZdy1NsJB3NKfwzeOqWsBFqW6X3za9i 3jj/xhVGbOciJSR4PWuRRwlGh6IFKEEm92jVQa9MZbH5bfY8VO2WushG7gzpL10i TTMT9V/Fnsgza4epC20tpBygErFs8Zu31Z/UonDaENDXgKzSqoP+bbDkCGsp+q2q kE7K6MmnHb/9p82upkAGw9uGcPRXLMQUJRGI6P04EVEcNpx60QlEu6tDUyG0AyRS z49FnTdUCKKuZUewxTvmYhfwJxs2VazwzNnHHmVizp1gdkW1wT6sQ7yqT8w0YSU3 scWLZ0zzGx3/MP9Fm19B4+DJLT7Y+GNZYklmEP0o+Vu4LvvUAeB7rZhG6BWlt/c1 pig+QfSjN3yCii/vzpvlPhDbpgm2zKmqfSoKbhRsItrjugHKL6Rx6Uttb3wtCsQM LiqX/mD+7lS7p+2xEjikOhyc/QBxRyEe+Wg3oZfUK6dPcfelKQfRffk1ojOucti8 jSXmGBlAIpXnAQzj8haC6qBJq3j8+LnWycLf6q64RyxoR7924lB/5B6qSXxLuQ5I luNA5VfYXX20RqvpdR5AnujJIQWIoFpTw6uxVhaMuv+1tIXn4Kb+OPS5IwARAQAB tClDaGFyZ2lmeSBTZWN1cml0eSA8c2VjdXJpdHlAY2hhcmdpZnkuY29tPokCVAQT AQgAPhYhBHwyZ+cHV3g+8O9n/u2NkgvV0jYfBQJd8SdRAhsDBQkB4TOABQsJCAcC BhUKCQgLAgQWAgMBAh4BAheAAAoJEO2NkgvV0jYfMfQP/19rhCte6bDE2moXwfsd 7H3m1P1inyP3mE0w0ULmlh+XOzCSvOnEkkazAUjkPFD/ZQQxkonUQw3HaNnaqcxc 2B/Z4so4lBFgUGDBJKWHYTLxgMUHUuy2D5FGTE9x2BJYsGOSYcyDT67gA+jQjdtN RAlMwNDdLWGVY9kjhfoz+v8ojSkmRNwGo7fdAcer3iMzpU9WFipsjhaf/VJcAeZD pkryGoCXzgHxCWYCWc6PDhVDUkZ/zq0L4cku+VYKxY/pT8dgVEfqE2xc0/1l9fsU y95ofgTOp5ftWncp3oL5XUI8MTumVMEWDVmluuKWczVO4dDEcy3nDW7u2JJdoNk/ rznF1sNo41VZfjt3idtEnn5fn9e4zhoy2TaJ/E4bkE3U6ueqFuX2tb6S3MWKAMjS qgkZqiCf5XADNnUldFERBvVduR0yW1FOaDhe9j/sHCkluFK8tMmmFWHdqEwnfdpn DhJEq9K97Gv2fFXToPvrL+qdWkRxZCLvBnFflvYdxMU5KPpDNJvbdKSD+je80Jm3 /+rg42XJpoE8DiiggiHbyxsmU5zVAh8xd6yx6siElkDf3YrYaP39USIwk5jNlji+ 1KMGi3+b+viSk8e1s3hST4DAG9C2nMKUPK02lSkKmsfGMl1ttnrtn7G/8T/tpEOC JuxBYLusNPbO22APWzizSHG8uQINBF3xJ1EBEACdtFvOazTuumTalxVZBHnOfSfE jhuTJeK2AOF3yIjQu73jXzoXoPuGzQjU7fn+XES00SSkfjp5hwWoIR1/5b7GgtqM XQcCMAeThrPVwF+XzSPkm1bWkhGHxhDaACbkstv/lwALJWp4BGsXWOLfqY9mkmgd 411DMK1gn24Xtmve+lMeGLNWMKXN1P45AuuAig6ypRfCJjrNYNOERLZA107wIJ83 7JDvNzdLuXGw2lhyS2xsW6+hcQ6ueFSXjMICj1GsjhjTUUCWBqPD+sT0SYCqkOyY SaZIjFf7jAqaBJKL0gURkhtzzlQxczH0FlZeeYhuIey/rlx1JVyetyJvGy/+HhLz 6mP8iFfFUgXa7UHJao6NSslk+SoG76XYDSx0AQ3f0SFeuM8z48zR+6LCCpOZA1Bn /f7HnzOYLHcOFyWv4fvARLO3TZZjLZTzR/hBBrdp2SE6LZAG40oIx4rwFawYQ2RK NFkHCmZsHL/5/4sUDecWNStmsiFN5LBNOEK2lD0H1olhuWiDzFoT/CLEbNTrf5h3 1kFAOqIdwA6u0dHcSu848d9jiUY7EWKao83Nve/GJF7YelUJ5SDbJTmb3vMR7al6 fS4akpKTL3feUwyEj3BEvm0QveOcvChqNwvqOMHwKn0gzcjGP78+6kyVoqmhsDJF MzxSZyuXhy3GR8dMjwARAQABiQI8BBgBCAAmFiEEfDJn5wdXeD7w72f+7Y2SC9XS Nh8FAl3xJ1ECGwwFCQHhM4AACgkQ7Y2SC9XSNh85Zg/+OcW6UF+GfpOFi7burQDx ucJXLVV8015/NSNwUCpyRvn5F3n24KzvXvizqWbxWGE3JwikCneRhu2wfEjnMOAS AVcQqOuAjuVzh9spoOjA9MAd1jH3Qh/40vUhbdiMheQulKFff4xPNfWI8ZZrFt6C W0N0GKywvC/XaWaXZ7gakjePYSka4JF5AGJLDQi1HzyUkZDAR5HOcHYiB7/Pqg2g MEdbXCXBevnGuDsrZE658vkEMHeU6p0mt4S7VC27hl2z1IMKrchKdCU5JcJd+nJF B3qSG0yEJjKUjqQS2JvVKfHTd+O79/siGfQt6evbWugSO2bHnb6DZUmdXGtkbwWa 5Borv6w+Icvsw9TiZkgnUFgDUwldqsiI6LuzpwftThxKaT7AfZuOC3+FgwlKO+mg lpuRQaj5mJdcg9LPJ79qMa0JzeODyPiMZp1QK6XPOBmbKHTkv/ilPGLKb9aZaa9w mn7q97B90dlJ/xaO+M5tn+bKMPu/j582UAVF54fspgbMbCVkJzaqFMAaJaW6zBax PhUh4EqmVoHDiOtdJ4bOzMPRFr1gftVJWraJP8q7Qm5DmMrA+NhmnPXdkBQVPkgW oc2M3TayLla7bdEIxcJR2dESRZ5yxdKX/l/gjKcTrE/BcG8yh8rwIxk+JMSRuS/L jnu2Iz/XrIIuya4r33rZMbg= =vl4N -----END PGP PUBLIC KEY BLOCK-----
Copy to Clipboard
Key ID:
D5D2361F
Key type:
RSA
Key size:
4096
User ID:
Chargify Security (security@chargify.com)
Fingerprint:
7C32 67E7 0757 783E F0EF 67FE ED8D 920B D5D2 361F
Expires:
2020-12-10

Help Us Keep Chargify Secure

We take our security very seriously and welcome any responsible disclosure of potential gaps in our systems.

If you believe you have discovered a potential flaw in any area of Chargify's security measures, we ask that you please share the information with us first and retain secrecy of your findings until we have remediated the issue.

If you have identified a vulnerability, report it via email to security@chargify.com

View Rules

We ask that you follow these rules for any responsible use of our system:

  • You may create a test account with the following limits: TWO accounts each with no more than TWO sites and TWO users.
  • Not in scope: Any ancillary sites not directly hosted by Chargify (such as reference.chargify.com, status.chargify.com, help.chargify.com. Zendesk, Tumblr, etc)
  • All data object creation is limited to a maximum of 50 objects per type
  • No automated off-the-shelf scanners (like Acunetix or the Burp Suite Scanner). We’ve had these run hundreds of times already
  • Scripted / API tests must be rate limited to 1 request per second
  • Absolutely NO attacks or exploits against accounts not created by you. You may only attempt cross-account access between two accounts controlled by YOU
  • No DOS/DDOS tests
  • Absolutely no physical testing such as office access (e.g. open doors, tailgaiting).
  • Absolutely no social engineering (e.g. phishing, vishing).

We ask that you please do not submit low value issues when there are only loose connections to known best practices, unless you can demonstrate a chained attack with higher impact. Google maintains an exhaustive list with explanations. This also includes things like:

  • Descriptive error messages (e.g. Stack Traces, application or server errors).
  • HTTP 404 codes/pages or other HTTP non-200 codes/pages.
  • Banner disclosure on common/public services.
  • Disclosure of known public files or directories, (e.g. robots.txt).
  • Clickjacking and issues only exploitable through clickjacking.
  • CSRF on forms that are available to anonymous users (e.g. the contact form).
  • Logout Cross-Site Request Forgery (logout CSRF).
  • Presence of application or web browser ‘autocomplete’ or ‘save password’ functionality.
  • Lack of Secure and HTTPOnly cookie flags.
  • Lack of Security Speedbump when leaving the site.
  • Weak Captcha / Captcha Bypass
  • Username enumeration via Login Page error message
  • Username enumeration via Forgot Password error message
  • Login or Forgot Password page brute force and account lockout not enforced.
  • OPTIONS / TRACE HTTP method enabled
  • SSL Attacks such as BEAST, BREACH, Renegotiation attack
  • SSL Forward secrecy not enabled
  • SSL Insecure cipher suites
  • The Anti-MIME-Sniffing header X-Content-Type-Options
  • Missing HTTP security headers